Using Burp Suite as an Invisible Proxy Tunneled Over SSH

I recently had to test a REST API with Burp Suite with a couple of unusual conditions. The first was I had a thick client to talk to the API that had no understanding of proxies. I could use curl to do the same thing but the client was still something I wanted to test. The second was the only access I had to target server was via SSH to a gateway system to get into the network the target was on. I knew I could tunnel Burp over SSH and I knew I could set up Burp as an invisible proxy. There are how tos out there about doing either thing separately but I didn’t find anything about doing them together. It took some trial and error with varying levels of success until I managed land at this solution that gave me the best results. Continue reading “Using Burp Suite as an Invisible Proxy Tunneled Over SSH”

Relaxing Afternoon at West Point

I am onsite with a customer in New Jersey for a couple of weeks and they are are too close to West Point to not visit over the weekend. It was a beautiful Saturday afternoon and it was great to have no reunion or WPAOG meeting agenda driving my schedule. I just wandered around, took in the sights and watched a few of the sports going on in the afternoon.